Patents by Inventor Tatu Ylonen

Tatu Ylonen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20140007219
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Application
    Filed: August 26, 2013
    Publication date: January 2, 2014
    Applicant: TECTIA OYJ
    Inventors: Tero Kivinen, Tatu Ylonen
  • Publication number: 20130346556
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Application
    Filed: August 28, 2013
    Publication date: December 26, 2013
    Applicant: TECTIA OYJ
    Inventors: Tero Kivinen, Tatu Ylonen
  • Publication number: 20130346555
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Application
    Filed: August 28, 2013
    Publication date: December 26, 2013
    Applicant: TECTIA OYJ
    Inventors: Tero Kivinen, Tatu Ylonen
  • Publication number: 20130339524
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Application
    Filed: August 26, 2013
    Publication date: December 19, 2013
    Applicant: TECTIA OYJ
    Inventors: Tero Kivinen, Tatu Ylonen
  • Patent number: 8566920
    Abstract: A method and apparatuses are disclosed for handling digital data packets at a logical borderline that separates an untrusted packet-switched information network from a protected domain. A packet processor part intercepts a packet that is in transit between the untrusted packet-switched information network and the protected domain. The packet is examined at the packet processor part in order to determine whether the packet contains digital data that pertains to a certain protocol. If the packet is not found to contain such digital data, it is processed at the packet processor part. If the packet is found to contain digital data that pertains to said certain protocol, it gets redirected to an application gateway part that processes the packet according to a set of processing rules based on obedience to said certain protocol. The packet processor part is a kernel mode process running in a computer device and the application gateway part is a user mode process running in a computer device.
    Type: Grant
    Filed: September 30, 2009
    Date of Patent: October 22, 2013
    Assignee: Inside Secure
    Inventors: Tatu Ylönen, Tero Kivinen, Markus Levlin
  • Patent number: 8544079
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Grant
    Filed: August 24, 2010
    Date of Patent: September 24, 2013
    Assignee: Tectia Oyj
    Inventors: Tero Kivinen, Tatu Ylonen
  • Patent number: 8365273
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Grant
    Filed: January 8, 2010
    Date of Patent: January 29, 2013
    Assignee: Tectia Oyj
    Inventors: Tero Kivinen, Tatu Ylonen
  • Patent number: 8245288
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Grant
    Filed: September 8, 2011
    Date of Patent: August 14, 2012
    Assignee: Tectia Oyj
    Inventors: Tero Kivinen, Tatu Ylonen
  • Patent number: 8127348
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Grant
    Filed: May 12, 2005
    Date of Patent: February 28, 2012
    Assignee: Tectia Oyj
    Inventors: Tero Kivinen, Tatu Ylonen
  • Publication number: 20110320623
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Application
    Filed: September 8, 2011
    Publication date: December 29, 2011
    Applicant: Tectia Oyj
    Inventors: Tero Kivinen, Tatu Ylonen
  • Publication number: 20100318682
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Application
    Filed: August 24, 2010
    Publication date: December 16, 2010
    Applicant: Tectia Oyj
    Inventors: Tero Kivinen, Tatu Ylonen
  • Publication number: 20100185703
    Abstract: A lock-free write barrier buffer is used to combine multiple writes to identical locations and save old values of written memory locations and to reduce TLB misses compared to card marking. The old value of a written location as well as the address of the header of the written object can be saved, which is not possible with card marking. Scanning the card table and marked pages are eliminated. The method is lock-free, scaling to highly concurrent multiprocessors and multi-core systems.
    Type: Application
    Filed: January 14, 2009
    Publication date: July 22, 2010
    Applicant: Tatu Ylonen Oy Ltd
    Inventor: Tatu Ylonen
  • Publication number: 20100138560
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Application
    Filed: January 8, 2010
    Publication date: June 3, 2010
    Applicant: SSH COMMUNICATIONS SECURITY LTD.
    Inventors: Tero Kivinen, Tatu Ylonen
  • Publication number: 20100024026
    Abstract: A method and apparatuses are disclosed for handling digital data packets at a logical borderline that separates an untrusted packet-switched information network from a protected domain. A packet processor part intercepts a packet that is in transit between the untrusted packet-switched information network and the protected domain. The packet is examined at the packet processor part in order to determine whether the packet contains digital data that pertains to a certain protocol. If the packet is not found to contain such digital data, it is processed at the packet processor part. If the packet is found to contain digital data that pertains to said certain protocol, it gets redirected to an application gateway part that processes the packet according to a set of processing rules based on obedience to said certain protocol. The packet processor part is a kernel mode process running in a computer device and the application gateway part is a user mode process running in a computer device.
    Type: Application
    Filed: September 30, 2009
    Publication date: January 28, 2010
    Applicant: SafeNet, Inc.
    Inventors: Tatu Ylonen, Tero Kivinen, Markus Levlin
  • Patent number: 7302487
    Abstract: A method is presented for setting up communication parameters in a virtual private network node for connecting to at least one other node in the virtual private network. The method may include reading information from a hardware token for determining how to connect to a packet data network; reading information from the hardware token for determining how to obtain configuration information for the virtual private network node; connecting to a packet data network on the basis of information read from the hardware token; obtaining configuration information for the virtual private network node on the basis of information read from the hardware token; and using obtained configuration information for setting up the communication parameters.
    Type: Grant
    Filed: March 22, 2002
    Date of Patent: November 27, 2007
    Assignee: SafeNet, Inc.
    Inventors: Tatu Ylonen, Tero Kivinen, Marko Teiste
  • Publication number: 20060256815
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Application
    Filed: May 12, 2005
    Publication date: November 16, 2006
    Applicant: SSH Communications Security Ltd
    Inventors: Tero Kivinen, Tatu Ylonen
  • Patent number: 6957346
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Grant
    Filed: June 15, 1999
    Date of Patent: October 18, 2005
    Assignee: SSH Communications Security Ltd.
    Inventors: Tero Kivinen, Tatu Ylonen
  • Publication number: 20040250072
    Abstract: A network device (100, 300) is connected to a network (102) having also a management station (107) connected thereto.
    Type: Application
    Filed: May 14, 2004
    Publication date: December 9, 2004
    Inventor: Tatu Ylonen
  • Patent number: 6795917
    Abstract: For achieving packet authentication according to an applicable security policy between a sending node (903) and a receiving node (902) in a network, the following steps are taken: the transformations occurring to a packet en route between the sending node and the receiving node are discovered dynamically (1003, 1004), the discovered transformations are checked (1004) to be acceptable based on the applicable security policy, and the dynamically discovered, acceptable transformations are compensated for (1004, 1006) before authenticating packets transmitted from the sending node to the receiving node.
    Type: Grant
    Filed: October 21, 1999
    Date of Patent: September 21, 2004
    Assignee: SSH Communications Security LTD
    Inventor: Tatu Ylonen
  • Patent number: 6782474
    Abstract: A network device (100, 300) is connected to a network (102) having also a management station (107) connected thereto. The method for configuring the network device comprises the steps of transmitting from the management station a configuration packet to the network device (201), authenticating at the network device the management station as the genuine transmitter of the configuration packet (202) and decoding the configuration parameters contained in said configuration packet and storing them as the configuration parameters of the network device (203).
    Type: Grant
    Filed: June 4, 1999
    Date of Patent: August 24, 2004
    Assignee: SSH Communication Security Ltd.
    Inventor: Tatu Ylonen